Advertisements

Cross site scripting and information disclosure in gobi/helma

Wednesday, 5 December 2007

Hanno Boeck has discovered a XSS vulnerability in gobi/helma.


read more...

F5 FirePass 4100 SSL VPN Cross-Site Scripting Vulnerabilities

Monday, 3 December 2007

Some vulnerabilities have been reported in F5 FirePass 4100 SSL VPN, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the URL to my.activation.php3 and my.logon.php3 is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are reported in FirePass versions 5.4.1 to 5.5.2 and FirePass versions 6.0 to 6.0.1.


read more...

IBM Tivoli Netcool Security Manager Unspecified Cross-Site Scripting

Monday, 3 December 2007

A vulnerability has been reported in IBM Tivoli Netcool Security Manager, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.


read more...

Apache HTTP Method Request Entity Too Large Cross-Site Scripting

Monday, 3 December 2007

PR07-37: XSS on Apache HTTP Server 413 error pages via malformed HTTP method Risk factor: N/A BID: 26663 The reason why we didn't consider this vulnerability a security risk is because the attacker needs to force the victim's browser to submit a malformed HTTP method. Header injection has been demonstrated to be possible using Flash [1] [2], but might be dependent on vulnerable Flash plugins. A relevant example published in the past is exploiting the Apache 'Expect' XSS [3] (CVE-2006-3918) using flash [4].


read more...

UPDIR.NET "updir.php" Cross-Site Scripting Vulnerability

Friday, 9 November 2007

A vulnerability has been reported in UPDIR.NET, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to certain unspecified parameters in "updir.php" is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.


read more...

SAXON version 5.4 XSS Attack Vulnerability

Tuesday, 30 October 2007

Description: SAXON is a simple accessible online news publishing system for personal and small corporate site owners. Publish news, using configurable templates, on any .php page on your site. Publish news on a 'per author' basis. Edit and/or delete existing news items. Create multiple RSS news feeds automatically (RSS 0.9, RSS 2.0 and Atom). Post date news items for later public release. Multiple authors allowed. Ability to configure users as Standard or Administrators. Ability to add/delete users (Administrators only). Option to change any user password (Administrators only). Template creation/deletion/amendment interface. Online setup and configuration.


read more...

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 

 

45884 total xss
14724 special xss
3026 fixed
5328 xss onhold
2933 EW subscribers

Home | News | Articles | Advisories | Submit | Alerts | Links | What is XSS | About | Contact | Some Rights Reserved.